www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Semenyaka <al...@rinet.ru>
Subject suexec/2241: suEXEC won't execute anything not under DOC_ROOT from suexec.h
Date Sun, 17 May 1998 11:34:58 GMT

>Number:         2241
>Category:       suexec
>Synopsis:       suEXEC won't execute anything not under DOC_ROOT from suexec.h
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Sun May 17 04:40:00 PDT 1998
>Last-Modified:
>Originator:     alexs@rinet.ru
>Organization:
apache
>Release:        1.2.6
>Environment:
>Description:
Whean I run a main Web-server and several other I want to provide the access of different
people to the maintaining each of them.
It means that I would like to have own cgi-bin directory for each of those servers and run
scripts with corresponding UID/GID.
It is possible only with suEXEC wrapper; however suEXEC is able to run programs with the path,
necessaryly containing DOC_ROOT (/usr/local/etc/httpd/htdocs by default), and I do NOT want
to create users directories there.
There is no such problem without suEXEC but in this case scripts are run as fake httpd-users,
and, so do not have permission to write anything in user directory.
>How-To-Repeat:
Unfortunatelly I needed to setup working server quickly so I cannot show you it now.
Of course I can provide you my configuration files but I suppose it is not what you want,
don't you?
>Fix:
Here is the patch for suexec.c to fix the problem. The main idea is to set working directory
to DOC_ROOT only if the environment variable DOCUMENT_ROOT is not defined, and to DOCUMENT_ROOT
from the environment else.

*** suexec.c.old        Sat May 16 23:01:02 1998
--- suexec.c    Sun May 17 14:52:59 1998
***************
*** 223,228 ****
--- 223,231 ----
      char *actual_gname;     /* actual group name           */
      char *prog;             /* name of this program      */
      char *cmd;              /* command to be executed    */
+ /*+APS+*/
+     char *envvar;         /* environ variable value    */
+ /*-APS-*/
      char cwd[AP_MAXPATH];   /* current working directory */
      char dwd[AP_MAXPATH];   /* docroot working directory */
      struct passwd *pw;      /* password entry holder     */
***************
*** 391,398 ****
              exit(112);
          }
      }
!     else {
!         if (((chdir(DOC_ROOT)) != 0) ||
            ((getcwd(dwd, AP_MAXPATH)) == NULL) ||
            ((chdir(cwd)) != 0))
          {
--- 394,407 ----
              exit(112);
          }
      }
!     else { /*+APS+*/
!       if ((envvar=getenv("DOCUMENT_ROOT")) != NULL )
!                strncpy(dwd, envvar, AP_MAXPATH);
!       else
!                strncpy(dwd, DOC_ROOT, AP_MAXPATH);
!       log_err("dwd: %s\n", dwd);
!         if (((chdir(dwd)) != 0) ||
!          /*-APS-*/
            ((getcwd(dwd, AP_MAXPATH)) == NULL) ||
            ((chdir(cwd)) != 0))
          {
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <apbugs@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]


>uname -a
FreeBSD snark.rinet.ru 3.0-971012-SNAP FreeBSD 3.0-971012-SNAP #0: Fri Mar  6 23:22:59 MSK
1998     root@snark.rinet.ru:/usr/src/sys/compile/CYRIX_DOS  i386
>gcc --version
2.7.2.1


Mime
View raw message